Aaa authentication enable – Allied Telesis AT-S94 CLI (AT-8000S Series) User Manual
Page 41

AAA Commands
Page 40
User Guidelines
•
The default and optional list names created with the aaa authentication login command are used with the
login authentication command.
•
Create a list by entering the aaa authentication login list-name method command for a particular protocol,
where list-name is any character string used to name this list. The method argument identifies the list of
methods that the authentication algorithm tries, in the given sequence.
•
The additional methods of authentication are used only if the previous method returns an error, not if it fails.
To ensure that the authentication succeeds even if all methods return an error, specify none as the final
method in the command line.
Example
The following example configures the authentication login.
aaa authentication enable
The aaa authentication enable Global Configuration mode command defines authentication method lists for
accessing higher privilege levels. Use the no form of this command to return to the default configuration.
Syntax
aaa authentication enable {default | list-name} method1 [method2...]
no aaa authentication enable {default | list-name}
Parameters
•
default — Uses the listed authentication methods that follow this argument as the default list of methods,
when using higher privilege levels.
•
list-name — Character string used to name the list of authentication methods activated, when using access
higher privilege levels (Range: 1-12 characters).
•
method1 [method2...] — Specify at least one from the following table:
Default Configuration
If the default list is not set, only the enable password is checked. This has the same effect as the command aaa
authentication enable default enable.
On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has
the same effect as using the command aaa authentication enable default enable none.
Console(config)# aaa authentication login default radius local enable none
K e y w o r d
D e s c r i p t i o n
enable
Uses the enable password for authentication.
line
Uses the line password for authentication.
none
Uses no authentication.
radius
Uses the list of all RADIUS servers for authentication. Uses username $enabx$.,
where x is the privilege level.
tacacs
Uses the list of all TACACS+ servers for authentication. Uses username
"$enabx$." where x is the privilege level.